Skip to main content
Version: Next

Setting up HTTPS (TLS)

If you want to run ORY Hydra using self-signed TLS certificates, you can do the following:

$ openssl genrsa -out key.pem 4096$ openssl req -new -x509 -sha256 -key key.pem -out cert.crt -days 365
$ SERVE_PUBLIC_TLS_CERT_BASE64=$(base64 -i cert.crt)$ SERVE_PUBLIC_TLS_KEY_BASE64=$(base64 -i key.pem)$ SERVE_ADMIN_TLS_CERT_BASE64=$(base64 -i cert.crt)$ SERVE_ADMIN_TLS_KEY_BASE64=$(base64 -i key.pem)
# or
$ SERVE_PUBLIC_TLS_KEY_PATH=/path/to/key.pem$ SERVE_PUBLIC_TLS_CERT_PATH=/path/to/cert.crt$ SERVE_ADMIN_TLS_KEY_PATH=/path/to/key.pem$ SERVE_ADMIN_TLS_CERT_PATH=/path/to/cert.crt

If you run Docker locally, you can then use

$ docker run ... \    -e SERVE_PUBLIC_TLS_CERT_BASE64="$SERVE_PUBLIC_TLS_CERT_BASE64" \    -e SERVE_PUBLIC_TLS_KEY_BASE64="$SERVE_PUBLIC_TLS_KEY_BASE64" \    -e SERVE_ADMIN_TLS_CERT_BASE64="$SERVE_ADMIN_TLS_CERT_BASE64" \    -e SERVE_ADMIN_TLS_KEY_BASE64="$SERVE_ADMIN_TLS_KEY_BASE64" \    ...

or mount the files using --mount and linking to the files.